Before discussing the present invention, certain terms, used throughout the description, will be defined.
An Autonomous System Border Router (ASBR) is a router located on an edge of an autonomous system and functions as an autonomous system's link to other routing domains. The ASBR exchanges router information with routers belonging to other routing domains. Such a router has AS external routes that are advertised throughout the autonomous system. The path to each ASBR is known to every other router in the autonomous system.
Routers support Virtual Routing and Forwarding instances (VRFs). A VRF includes a network address routing table, a derived forwarding table, a set of interfaces or VLANs that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table.
A Virtual Private Network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols.
Multi-Protocol Border Gateway Protocol (MPBGP) is an exterior gateway routing protocol that enables groups of routers (called autonomous systems) to share routing information so that efficient, loop-free routes can be established.
Multi-Protocol Label Switching (MPLS) is a standards-approved technology for speeding up network traffic flow and making it easier to manage. MPLS involves setting up a specific path for a given sequence of packets, identified by a label put in each packet, thus saving the time needed for a router to look up the address of the next node to forward the packet to. MPLS is called multiprotocol because it works with the Internet Protocol (IP), Asynchronous Transfer Mode (ATM), and frame relay network protocols.
A Service Level Agreement (SLA) is a contract between a network service provider and a customer that specifies, usually in measurable terms, what services the network service provider will furnish. Many Internet service providers (ISP)s provide their customers with an SLA. More recently, IS departments in major enterprises have adopted the idea of writing a service level agreement so that services for their customers (users in other departments within the enterprise) can be measured, justified, and compared with those of outsourcing network providers.
Routing type (RT) identifies a particular routing header variant. If a router does not recognize the routing type value, it must discard the packet.
Route distinguisher (RD) is an address qualifier used to distinguish the distinct Virtual Private Network (VPN) routes of separate customers who connect to the provider. The route distinguisher is an 8-byte field prefixed to the customer's Internet Protocol (IPv4) address. The resulting 12-byte field is a unique “VPN-IPv4” address. The route distinguisher is used to make IPv4 or IPv6 prefixes globally unique. It is not used for forwarding, but it is used by the router's BGP process to identify each prefix as unique, even though the 4-byte IP address may be equal. For example, for a PE router to be able to distinguish the IP address 10.0.0.0 of one customer from the 10.0.0.0 of another customer, the network administrator must add a unique route distinguisher to each.
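As an added illustration that is not part of the original description, the following Python encodes a route distinguisher in each of the three formats defined in RFC 4364 (2-byte type plus 6-byte value), prefixes it to an IPv4 address to form the 12-byte VPN-IPv4 address, and shows that two customers who both use 10.0.0.0 collide when keyed by the bare IPv4 address but not when keyed by the VPN-IPv4 address. The customer names, AS numbers and RD values are constructed sample data.

```python
import struct
from ipaddress import IPv4Address

# RD type codes as laid out in RFC 4364 section 4.2: a 2-byte Type field
# followed by a 6-byte Value field whose split depends on the type.
RD_TYPE_AS2 = 0   # 2-byte AS number administrator + 4-byte assigned number
RD_TYPE_IP4 = 1   # 4-byte IPv4 address administrator + 2-byte assigned number
RD_TYPE_AS4 = 2   # 4-byte AS number administrator + 2-byte assigned number


def encode_rd(rd_type: int, admin, assigned: int) -> bytes:
    """Return the 8-byte route distinguisher for the given type, administrator and assigned number."""
    if rd_type == RD_TYPE_AS2:
        value = struct.pack("!HI", admin, assigned)
    elif rd_type == RD_TYPE_IP4:
        value = IPv4Address(admin).packed + struct.pack("!H", assigned)
    elif rd_type == RD_TYPE_AS4:
        value = struct.pack("!IH", admin, assigned)
    else:
        raise ValueError(f"unknown route distinguisher type {rd_type}")
    return struct.pack("!H", rd_type) + value


def decode_rd(rd: bytes) -> str:
    """Render an 8-byte RD in the usual administrator:assigned notation."""
    rd_type = struct.unpack("!H", rd[:2])[0]
    if rd_type == RD_TYPE_AS2:
        admin, assigned = struct.unpack("!HI", rd[2:])
    elif rd_type == RD_TYPE_IP4:
        admin = IPv4Address(rd[2:6])
        assigned = struct.unpack("!H", rd[6:])[0]
    elif rd_type == RD_TYPE_AS4:
        admin, assigned = struct.unpack("!IH", rd[2:])
    else:
        raise ValueError(f"unknown route distinguisher type {rd_type}")
    return f"{admin}:{assigned}"


def vpn_ipv4_address(rd: bytes, ipv4: str) -> bytes:
    """Prefix the 8-byte RD to the 4-byte IPv4 address, giving a 12-byte VPN-IPv4 address."""
    if len(rd) != 8:
        raise ValueError("route distinguisher must be exactly 8 bytes")
    return rd + IPv4Address(ipv4).packed


def distinct_prefix_count(routes, use_rd: bool) -> int:
    """Count the distinct table keys produced by (customer, rd, ipv4) routes.

    With use_rd=False the key is the bare IPv4 address, which is all a BGP
    process would see without route distinguishers; with use_rd=True the key
    is the VPN-IPv4 address, so equal customer addresses stay distinct.
    """
    keys = set()
    for _customer, rd, ipv4 in routes:
        keys.add(vpn_ipv4_address(rd, ipv4) if use_rd else IPv4Address(ipv4).packed)
    return len(keys)


# Constructed sample data: three customers that all use 10.0.0.0 internally.
SAMPLE_ROUTES = [
    ("customer-A", encode_rd(RD_TYPE_AS2, 65000, 100), "10.0.0.0"),
    ("customer-B", encode_rd(RD_TYPE_AS2, 65000, 200), "10.0.0.0"),
    ("customer-C", encode_rd(RD_TYPE_IP4, "192.0.2.1", 7), "10.0.0.0"),
]

if __name__ == "__main__":
    for customer, rd, ipv4 in SAMPLE_ROUTES:
        print(customer, decode_rd(rd), vpn_ipv4_address(rd, ipv4).hex())
    print("distinct keys without RD:", distinct_prefix_count(SAMPLE_ROUTES, use_rd=False))
    print("distinct keys with RD:   ", distinct_prefix_count(SAMPLE_ROUTES, use_rd=True))
```

The length check in vpn_ipv4_address matters in practice: a BGP implementation that accepted a short or long RD would silently change which bytes of the 12-byte key belong to the customer address, which is exactly the ambiguity the RD exists to remove.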
On the Internet and in other networks, QoS (Quality of Service) is the idea that transmission rates, error rates, and other characteristics can be measured, improved, and, to some extent, guaranteed in advance. QoS is of particular concern for the continuous transmission of high-bandwidth video and multimedia information. Transmitting this kind of content dependably is difficult in public networks using ordinary “best effort” protocols. Using the Internet's Resource Reservation Protocol (RSVP), packets passing through a gateway host can be expedited based on policy and reservation criteria arranged in advance. Using ATM, which also lets a company or user preselect a level of quality in terms of service, QoS can be measured and guaranteed in terms of the average delay at a gateway, the variation in delay in a group of cells (cells are 53-byte transmission units), cell losses, and the transmission error rate.
A Label Forwarding Information Base (LFIB) is a subset of a Label Information Base (LIB). The LFIB contains an incoming label, an outgoing label, a next hop and an outgoing interface. The LFIB contains what is actually being used to forward packets via label swapping, whereas the LIB contains all possible routes (generated by the underlying routing Link State Protocol) with labels already assigned (assuming frame mode MPLS). The LFIB has only routes that are considered “best” by the routing protocols. The LIB has IP information, label and interface information, but no indication of which is the shortest path to the given destination. Any route in the LFIB will also be in the LIB, but not the other way around.
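To make the LIB/LFIB relationship concrete, here is an added Python model that is not part of the original description. The LIB holds every labelled path the routing protocol knows, with no notion of which is best; the LFIB is derived from it by consulting the IGP cost of each path and keeping only the best one per prefix, indexed by incoming label; a lookup on an incoming label returns the swap information or drops the packet. Router names, interface names, labels and IGP costs are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class LibEntry:
    """One labelled path in the Label Information Base (no cost information here)."""
    prefix: str          # destination prefix known to the routing protocol
    next_hop: str        # neighbour that advertised out_label for prefix
    out_interface: str   # interface towards next_hop
    in_label: int        # label this router allocated for prefix
    out_label: int       # label learned from next_hop for prefix


@dataclass(frozen=True)
class LfibEntry:
    """One forwarding entry: what is actually used for label swapping."""
    in_label: int
    out_label: int
    next_hop: str
    out_interface: str


def derive_lfib(lib: List[LibEntry], igp_costs: Dict[Tuple[str, str], int]) -> Dict[int, LfibEntry]:
    """Keep only the best path per prefix, as judged by the IGP cost of (prefix, next_hop).

    Paths the IGP does not consider viable (no cost entry) never reach the LFIB.
    """
    best: Dict[str, Tuple[int, LibEntry]] = {}
    for entry in lib:
        cost = igp_costs.get((entry.prefix, entry.next_hop))
        if cost is None:
            continue
        current = best.get(entry.prefix)
        if current is None or cost < current[0]:
            best[entry.prefix] = (cost, entry)
    return {
        e.in_label: LfibEntry(e.in_label, e.out_label, e.next_hop, e.out_interface)
        for _cost, e in best.values()
    }


def label_swap(lfib: Dict[int, LfibEntry], in_label: int) -> Optional[Tuple[int, str, str]]:
    """Forward a labelled packet: return (outgoing label, next hop, interface), or None to drop."""
    entry = lfib.get(in_label)
    if entry is None:
        return None  # label not in the LFIB: the packet cannot be forwarded
    return (entry.out_label, entry.next_hop, entry.out_interface)


def lfib_is_subset_of_lib(lfib: Dict[int, LfibEntry], lib: List[LibEntry]) -> bool:
    """Check the invariant from the description: every LFIB entry also appears in the LIB."""
    lib_view = {(e.in_label, e.out_label, e.next_hop, e.out_interface) for e in lib}
    return all(
        (x.in_label, x.out_label, x.next_hop, x.out_interface) in lib_view
        for x in lfib.values()
    )


# Constructed sample LIB: two paths to 10.1.0.0/16, one path to 10.2.0.0/16,
# and one path to 10.3.0.0/16 that the IGP does not consider reachable.
SAMPLE_LIB = [
    LibEntry("10.1.0.0/16", "R2", "eth0", in_label=100, out_label=200),
    LibEntry("10.1.0.0/16", "R3", "eth1", in_label=100, out_label=300),
    LibEntry("10.2.0.0/16", "R3", "eth1", in_label=101, out_label=301),
    LibEntry("10.3.0.0/16", "R4", "eth2", in_label=102, out_label=402),
]

# Constructed IGP costs: the routing protocol's view of which path is shortest.
SAMPLE_IGP_COSTS = {
    ("10.1.0.0/16", "R2"): 10,
    ("10.1.0.0/16", "R3"): 20,
    ("10.2.0.0/16", "R3"): 5,
}

if __name__ == "__main__":
    lfib = derive_lfib(SAMPLE_LIB, SAMPLE_IGP_COSTS)
    print("LIB paths:", len(SAMPLE_LIB), "LFIB entries:", len(lfib))
    print("label 100 ->", label_swap(lfib, 100))
    print("label 999 ->", label_swap(lfib, 999))
```

Note that the LIB keeps both paths to 10.1.0.0/16 and the unreachable path to 10.3.0.0/16, while the LFIB keeps only the two entries that forwarding actually uses; a packet carrying a label that has no LFIB entry is dropped rather than forwarded on a stale binding.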
The industry has standardized on a few Inter-Autonomous System (AS) models that the service providers may deploy. The current industry standards for Inter-AS solutions include the models defined as 10a (also referred to as option A), 10b (also referred to as option B), and 10c. 
The first model defined and deployed by many service providers is the 10a model. The 10a model requires the provider to build on their ASBR a VRF per VPN, a unique peering interface per VRF, and a unique routing process per VRF. The peer ASBR does the same, thereby creating a one-for-one relationship between the two ASBRs. The advantages of the 10a model include discrete interfaces that facilitate QoS mechanisms, and explicit resource management methods that protect the memory and processing resources. Likewise, the exposure of the ASBR and the attached network is limited.
The second model defined and deployed by a few service providers is the 10b model. The 10b model only requires the provider to build a single interface for each peer and a single routing process on the interface. The routing process (MP-BGP) is able to maintain the segregation of VPN prefixes without having to use discrete VRFs per VPN. The advantages include less memory consumption for the routing prefixes and interfaces, less processor consumption for the routing process, and automatic VPN session binding between the ASBRs.
The third model defined and rarely deployed by service providers is the 10c method. The 10c model only requires the provider to build a single interface for each peer and a single routing process on the interface. A routing process (MP-BGP) is able to maintain the segregation of VPN prefixes without requiring a presence on the ASBR. The advantages include even less memory consumption for the routing prefixes, since the VPN prefixes are passed around the ASBR. The ASBR has even less processor consumption, since the ASBR serves as a core device providing connectivity between the two autonomous systems.
The two most commonly used models—10a and 10b—have orthogonal capabilities. Where 10a is strong, 10b is weak and vice versa. Table 1 provides a synopsis of the existing solutions.
TABLE 1

ASBR            10a          10b        10c
Routing         Many         One        One
Interfaces      Many         One        One
Memory          Per-prefix   Per-label  Per-label
QoS             Per-VPN      Global     Global
Configuration   Manual       Dynamic    Dynamic
Resource        Strong       Weak       Weak
Security        Strong       Weak       Very Weak
Routing processes are complex state machines that keep track of the prefixes and the paths to reach the prefixes. Routing processes can be constrained by a number of factors such as the number of peers or adjacencies, the number of routing entries, and the number of potentially viable paths for each routing entry. As the number of prefixes and interfaces increases, the computational complexity increases, thereby requiring more processor schedule time. Excessive computational routing complexity on the ASBR may impact any or all of the VPNs. As shown in Table 1, the 10a method requires many routing processes, while the 10b and 10c methods require a single routing process.
Interfaces consume memory constructs and typically require an operator to configure the interface and the associated peer entity. The cost of a VPN interface is usually not too cumbersome in an Inter-AS solution, as the number of VPNs is typically small. Nevertheless, the interface must be created and correctly associated with the appropriate customer. The 10a method requires many interfaces, while the 10b and 10c methods require a single interface.
Memory is allocated for VPN prefixes. VPN prefixes can create a resource burden on the ASBR. The number of prefixes is not directly controlled by a single provider or customer, but by the aggregate set of operators and customers. For this reason, memory allocated for VPN prefixes may be very precious. The 10a method requires memory on a per-prefix basis, while the 10b and 10c methods require memory on a per-label basis.
The customers of the MPLS VPN are particularly interested in QoS, especially at provider boundaries where SLAs tend to be difficult to enforce. Each enterprise has unique QoS requirements that may be difficult to handle in aggregate; however, provisioning a QoS model per customer is also a challenge, especially when there is no discrete point where the QoS model may be applied. The 10a method requires QoS on a per-VPN basis, whereas the 10b and 10c methods require QoS on a global basis.
The Inter-AS model requires a configuration that establishes a relationship between the ASBRs for each VPN. The configuration should be simple to implement and should be easy to replicate. The 10a method requires more manual configuration, while the 10b and 10c methods utilize dynamic configuration.
Resources (memory, interfaces, and processor schedule time) are precious for a service provider. In particular, the provider is interested in conducting “One Time Provisioning” for many services. In addition, the management of the allocated resources can become a burden. To minimize operational expenditures, the provider will frequently over-provision many of the components in a solution if the capital costs of the components are negligible. By contrast, the expensive components are monitored closely and judiciously allocated. Resource management plays a critical role in ensuring SLAs are met. The 10a method provides strong resource management, while the 10b and 10c methods provide weak resource management.
Closely related to resource management is security. Security requirements permeate the solution so that the provider can protect their assets, their ability to provide services, and one customer from another customer. Security is based on a risk management model in which the law of diminishing returns plays a critical role. The cost of security (capital costs, functional costs, operational costs) must be balanced against the potential risk (liability costs, credibility, etc.). Clearly, failure to address the security requirements of a solution renders the points highlighted above somewhat moot. The 10a method provides strong security, while the 10b method provides weaker security and the 10c method provides even weaker security than the 10b method.
Customers of a 2547bis-based VPN service often need to connect to multiple Service Providers in order to achieve connectivity for all of their sites. The Service Providers need to set up peering points where they exchange VPN prefixes and data traffic. The various types of connections between 2547bis Service Providers are described in draft-ietf-l3vpn-rfc2547bis-03.txt.
Many providers select peering on a per-VRF basis, i.e., for each customer (VRF) they have a dedicated interface (either physical or logical) on which they exchange customer prefixes and traffic. This is a good solution from a security and QoS point of view: the individual customers are isolated from each other, and customer SLAs can be applied on such interfaces. This option is called option A, since it is documented as such in section 10, paragraph A of draft-ietf-l3vpn-rfc2547bis-03.txt.
However, this option does not scale well as the number of customers increases. There are two areas where scalability becomes an issue—there needs to be one interface for each customer, and one routing protocol session running on that interface. The routing protocol session is usually BGP-4. This idea addresses the second limitation—the need to have one routing protocol session per customer.